001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.io.crypto;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertNotNull;
022
023import java.io.File;
024import java.io.FileOutputStream;
025import java.net.URLEncoder;
026import java.security.Key;
027import java.security.KeyStore;
028import java.security.MessageDigest;
029import java.util.Properties;
030import javax.crypto.spec.SecretKeySpec;
031import org.apache.hadoop.hbase.HBaseClassTestRule;
032import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
033import org.apache.hadoop.hbase.testclassification.MiscTests;
034import org.apache.hadoop.hbase.testclassification.SmallTests;
035import org.apache.hadoop.hbase.util.Bytes;
036import org.junit.BeforeClass;
037import org.junit.ClassRule;
038import org.junit.Test;
039import org.junit.experimental.categories.Category;
040import org.slf4j.Logger;
041import org.slf4j.LoggerFactory;
042
043@Category({MiscTests.class, SmallTests.class})
044public class TestKeyStoreKeyProvider {
045
046  @ClassRule
047  public static final HBaseClassTestRule CLASS_RULE =
048      HBaseClassTestRule.forClass(TestKeyStoreKeyProvider.class);
049
050  private static final Logger LOG = LoggerFactory.getLogger(TestKeyStoreKeyProvider.class);
051  static final HBaseCommonTestingUtility TEST_UTIL = new HBaseCommonTestingUtility();
052  static final String ALIAS = "test";
053  static final String PASSWORD = "password";
054
055  static byte[] KEY;
056  static File storeFile;
057  static File passwordFile;
058
059  @BeforeClass
060  public static void setUp() throws Exception {
061    KEY = MessageDigest.getInstance("SHA-256").digest(Bytes.toBytes(ALIAS));
062    // Create a JKECS store containing a test secret key
063    KeyStore store = KeyStore.getInstance("JCEKS");
064    store.load(null, PASSWORD.toCharArray());
065    store.setEntry(ALIAS,
066      new KeyStore.SecretKeyEntry(new SecretKeySpec(KEY, "AES")),
067      new KeyStore.PasswordProtection(PASSWORD.toCharArray()));
068    // Create the test directory
069    String dataDir = TEST_UTIL.getDataTestDir().toString();
070    new File(dataDir).mkdirs();
071    // Write the keystore file
072    storeFile = new File(dataDir, "keystore.jks");
073    FileOutputStream os = new FileOutputStream(storeFile);
074    try {
075      store.store(os, PASSWORD.toCharArray());
076    } finally {
077      os.close();
078    }
079    // Write the password file
080    Properties p = new Properties();
081    p.setProperty(ALIAS, PASSWORD);
082    passwordFile = new File(dataDir, "keystore.pw");
083    os = new FileOutputStream(passwordFile);
084    try {
085      p.store(os, "");
086    } finally {
087      os.close();
088    }
089  }
090
091  @Test
092  public void testKeyStoreKeyProviderWithPassword() throws Exception {
093    KeyProvider provider = new KeyStoreKeyProvider();
094    provider.init("jceks://" + storeFile.toURI().getPath() + "?password=" + PASSWORD);
095    Key key = provider.getKey(ALIAS);
096    assertNotNull(key);
097    byte[] keyBytes = key.getEncoded();
098    assertEquals(keyBytes.length, KEY.length);
099    for (int i = 0; i < KEY.length; i++) {
100      assertEquals(keyBytes[i], KEY[i]);
101    }
102  }
103
104  @Test
105  public void testKeyStoreKeyProviderWithPasswordFile() throws Exception {
106    KeyProvider provider = new KeyStoreKeyProvider();
107    provider.init("jceks://" + storeFile.toURI().getPath() + "?passwordFile=" +
108      URLEncoder.encode(passwordFile.getAbsolutePath(), "UTF-8"));
109    Key key = provider.getKey(ALIAS);
110    assertNotNull(key);
111    byte[] keyBytes = key.getEncoded();
112    assertEquals(keyBytes.length, KEY.length);
113    for (int i = 0; i < KEY.length; i++) {
114      assertEquals(keyBytes[i], KEY[i]);
115    }
116  }
117}